[Freeipa-devel] Draft: Read permissions for user
Petr Viktorin
pviktori at redhat.com
Tue Apr 15 14:55:14 UTC 2014
Hello,

At Devconf, we decided what most of the default read permissions should
look like, but we did not get to user.

Here is a draft of 4 read permissions. Please comment.

Basic info (anonymous):
    [top]
        objectclass
    [person]
        cn, sn, description
    [organizationalPerson]
        title
    [inetOrgPerson]
        uid
        displayName, givenName, initials
        manager
    [inetUser]
        memberOf
    [ipaObject]
        ipaUniqueID
    [ipaSshUser]
        ipaSshPubKey
    [ipaUserAuthTypeClass]
        ipaUserAuthType
    [posixAccount]
        gecos, gidNumber, homeDirectory, loginShell, uidNumber

Details (all authenticated):
    [person]
        seeAlso, telephoneNumber
    [organizationalPerson]
        fax, l, ou, st, postalCode, street
        destinationIndicator, internationalISDNNumber,
        physicalDeliveryOfficeName,
        postalAddress, postOfficeBox, preferredDeliveryMethod,
        registeredAddress, teletexTerminalIdentifier, telexNumber,
        x121Address
    [inetOrgPerson]
        carLicense, departmentNumber, employeeNumber, employeeType,
        preferredLanguage, mail, mobile, pager
        audio, businessCategory, homePhone, homePostalAddress, jpegPhoto,
        labeledURI, o, photo, roomNumber, secretary, userCertificate,
        userPKCS12, userSMIMECertificate, x500UniqueIdentifier
    [inetUser]
        inetUserHttpURL, inetUserStatus
    [ipaUser]
        userClass

Kerberos/login-related (all authenticated):
    [krbPrincipalAux]
        krbPrincipalName, krbCanonicalName, krbPrincipalAliases,
        krbPrincipalExpiration, krbPasswordExpiration, krbLastPwdChange
    [+]
        nsAccountLock

Kerberos-related (user admins only):
    [krbPrincipalAux]
        krbLastSuccessfulAuth, krbLastFailedAuth, krbLastPwdChange

No read permission:
    [person]
        userPassword
    [krbPrincipalAux]
        krbPrincipalKey, krbExtraData, krbPwdHistory
        krbLastAdminUnlock,
        krbLoginFailedCount, krbPrincipalType, krbPwdPolicyReference,
        krbTicketPolicyReference, krbUPEnabled
    [krbTicketPolicyAux]
        krbMaxRenewableAge, krbMaxTicketLife, krbTicketFlags
    [mepOriginEntry]
        mepManagedEntry

--
Petr³
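
A sketch of how tiers like those in the draft above could be rendered as 389 Directory Server ACIs and sanity-checked before deployment; this is an added example, not part of the original message and not FreeIPA code. It assumes a subset of the draft's attributes, a placeholder admin group DN and hypothetical ACI names; it checks that no tier grants a no-read attribute and reports attributes listed in more than one tier.

```python
# Added example (not FreeIPA code). Attribute lists are a subset of the draft.
TIERS = {
    "anonymous": ["objectclass", "cn", "sn", "uid", "memberOf", "uidNumber"],
    "authenticated": ["mail", "telephoneNumber", "krbPrincipalName",
                      "krbPasswordExpiration", "krbLastPwdChange",
                      "nsAccountLock"],
    "user_admins": ["krbLastSuccessfulAuth", "krbLastFailedAuth",
                    "krbLastPwdChange"],
}
NO_READ = ["userPassword", "krbPrincipalKey", "krbExtraData", "krbPwdHistory"]

# 389 DS bind rules: "anyone" includes anonymous binds, "all" means any
# authenticated user. The group DN is a placeholder, not a real FreeIPA entry.
BIND_RULES = {
    "anonymous": 'userdn = "ldap:///anyone"',
    "authenticated": 'userdn = "ldap:///all"',
    "user_admins": 'groupdn = "ldap:///cn=PLACEHOLDER-user-admins,dc=example,dc=test"',
}


def build_aci(tier, attrs):
    """Render one read-only ACI for a tier (the ACI name is hypothetical)."""
    return ('(targetattr = "%s")(version 3.0; acl "draft read: %s"; '
            'allow (read, search, compare) %s;)'
            % (" || ".join(attrs), tier, BIND_RULES[tier]))


def exposed_secrets(tiers, no_read):
    """No-read attributes that some tier would make readable."""
    blocked = {a.lower() for a in no_read}  # LDAP attribute names ignore case
    return sorted({a for attrs in tiers.values() for a in attrs
                   if a.lower() in blocked})


def listed_in_multiple_tiers(tiers):
    """Map each attribute granted by more than one tier to those tiers."""
    seen = {}
    for tier, attrs in tiers.items():
        for attr in attrs:
            seen.setdefault(attr.lower(), []).append(tier)
    return {attr: names for attr, names in seen.items() if len(names) > 1}


if __name__ == "__main__":
    assert not exposed_secrets(TIERS, NO_READ)
    print(listed_in_multiple_tiers(TIERS))
    for tier, attrs in TIERS.items():
        print(build_aci(tier, attrs))
```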